3 matches found
CVE-2021-27442
The CVE-2021-27442 entry describes a cross-site scripting vulnerability in Weintek EasyWeb cMT (Weintek cMT product line). The issue is triggered in cross-site scripting during web page generation, allowing an unauthenticated remote attacker to inject JavaScript. Affected products include cMT mod...
CVE-2021-27444
The CVE-2021-27444 issue affects Weintek EasyWeb cMT product line, arising from improper access controls that allow an unauthenticated remote attacker to access sensitive data and perform administrative actions as a legitimate administrator. The CVE is documented with a high/critical impact (CVSS...
CVE-2021-27446
CVE-2021-27446 affects Weintek EasyWeb cMT line with Code Injection vulnerability allowing an unauthenticated remote attacker to execute commands with root privileges. Affected components: Weintek cMT product family; root cause described as improper generation of code (CWE-94) enabling code injec...